Packet filter: A type of firewall device that processes network traffic on a packet-by-packet basis. Packet filter devices allow or block packets, and are typically implemented through standard routers.
Circuit-level gateway: Circuit-level gateways are similar to packet filters. The main advantage of circuit-level gateways is their ability to provide network address translation.
Application-level gateway: Application gateways function at all four layers of the TCP/IP suite. They are typically implemented through software installed on a specialized server. Application gateways are sometimes known as proxy servers.
,circuit-level gateways, and application-level gateways.
A simple rule of thumb is, the more sensitive the data, the more extensive the firewall strategy should be.
Common Firewall Designs
Each of the four common firewall designs creates a matrix of filters and points that can process and secure information. The four firewall designs are:
The screening router
The screened host firewall using a single-homed bastion host
The screened host firewall using a dual-homed bastion host
A screened subnet
Screened subnet firewall
The most secure of the four general implementations is the screened subnet firewall (demilitarized zone).
Demilitarized zone (DMZ): Networks that are between a company's internal network and the external network. A DMZ is used as an additional buffer to further separate the public network from your internal private network.
The screened subnet firewall uses a bastion host to support both circuit- and application-level gateways and creates a demilitarized zone (DMZ) that functions as an isolated network between the Internet and the internal network. The use of external and internal screening routers prevents any traffic from directly traversing the sub-network, or DMZ.
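The property that no traffic crosses the DMZ directly can be checked against the two screening routers' rule sets. The following is an added example, not part of the original page: the addresses, the first-match rule format and all function names are assumptions made for illustration, and the "weak" rule set shows a shortcut rule that breaks the design.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): documentation and private ranges only.
DMZ = ip_network("192.0.2.0/24")
INTERNAL = ip_network("10.0.0.0/8")
ANY = ip_network("0.0.0.0/0")

def permits(acl, src, dst):
    """First-match packet filter; anything unmatched is dropped."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action == "allow"
    return False

def crosses_dmz(external_acl, internal_acl, src, dst):
    """True if the same packet is forwarded by both screening routers."""
    return permits(external_acl, src, dst) and permits(internal_acl, src, dst)

def audit(external_acl, internal_acl, probes):
    """Return the probes that pass straight through the DMZ."""
    return [p for p in probes if crosses_dmz(external_acl, internal_acl, *p)]

# Screened subnet: each router forwards only traffic that starts or ends in the DMZ.
EXTERNAL_OK = [("allow", ANY, DMZ), ("allow", DMZ, ANY)]
INTERNAL_OK = [("allow", INTERNAL, DMZ), ("allow", DMZ, INTERNAL)]

# Weak variant: a shortcut rule on each router for one internal server.
SERVER = ip_network("10.0.5.25/32")
EXTERNAL_WEAK = [("allow", ANY, SERVER)] + EXTERNAL_OK
INTERNAL_WEAK = [("allow", ANY, SERVER)] + INTERNAL_OK

# Constructed probes: (source, destination) pairs with neither end in the DMZ.
PROBES = [
    ("198.51.100.7", "10.0.5.25"),  # Internet -> internal server
    ("198.51.100.7", "10.0.9.9"),   # Internet -> internal workstation
    ("10.0.9.9", "198.51.100.7"),   # internal workstation -> Internet
]

if __name__ == "__main__":
    print("correct:", audit(EXTERNAL_OK, INTERNAL_OK, PROBES))
    print("weak:   ", audit(EXTERNAL_WEAK, INTERNAL_WEAK, PROBES))
```

An empty audit result means every probe had to terminate at a DMZ host such as the bastion; any entry returned is a flow that bypasses it.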